Quip comment spam and how to stop it....

Hi,

I have a client site with a blog using Articles and Quip as per the RTFM tutorial suggests with some mods. The site is a busy one and we are getting loads of spambot comment posts to the blog posts. I have tried to implement Rampart but it does not seem to do anything... Recaptcha works - but can only get the v1 recaptcha to work and that's not responsive which breaks the site on mobile views... Can't get Quip comments to work with recaptcha v2.... The noSpam hidden field doesn't seem to work either....

Any ideas on how to stop the spam posts!!!????


cheers

dubbs.

Any ideas on getting ReCaptcha v2 to work with Articles chaps? I have the actual recaptcha element in the form, but cant set it to check its validated on form submit..

How about a small snippet to validate prior to the form submission? Do the google validation first, then the actual submission of content.

Just thinking out loud

Quote from: nuan88 at Jun 20, 2016, 06:33 PM

How about a small snippet to validate prior to the form submission? Do the google validation first, then the actual submission of content.

Just thinking out loud

Yep - I had that idea, but not sure of the PHP to validate the Recaptcha... Any ideas?

It may not fit your use case, but if you have people Register and confirm their registration from a real email address, it will almost completely eliminate comment spam if people have to log in before posting comments.

Quote from: BobRay at Jun 20, 2016, 08:30 PM

It may not fit your use case, but if you have people Register and confirm their registration from a real email address, it will almost completely eliminate comment spam if people have to log in before posting comments.

Thanks Bob - yeh, but I just want recaptcha v2 to work

I think this thread will help, even though its just focused on the theme of the iframe created by the google tool:

https://forums.modx.com/thread/99538/recaptcha-v2-how-to-change-it-039-s-theme

basically in recaptcha extra there is a snippet which does the work, independent of your form.

I don't know your level (I am not much of a coder unfortunately), and the proper solution probably is to figure out why it won't validate. I tend to work around problems due to my lack of ability. There is always another way to skin a cat, and sometimes that way is totally inefficient but still works ok.

Anyway, my thinking is this: treat the iframe, which is totally independent of the post itself (the form as you say) as an overlay on top of the "post" button. That way its two steps, first validate, then post.

Hmmm, not sure if this is the right way...the more I think about it the trickier it gets. And you say the hidden field also won't work?

It might help to turn on Dev. tools (ctrl-shift-i) and watch the network tab as you try to post a comment. You can see the headers and the response on their tabs after you click on a request.

Thanks guys - the nospam field works sometimes, but easily worked out by bots. It seems very odd their is no MODx integration with ReCaptcha v2 - I was hoping it would be a trivial fix to add in some support to work with the v2 version - the v1 version integrates with Articles, Formit etc already.

This looks like a pretty good explanation of the necessary changes to migrate from V1 to V2: https://blog.sendsafely.com/migrating-to-googles-nocaptcha-recaptcha . It might not require changes to the code of MODX or any MODX extras.